-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/59185/
-----------------------------------------------------------
(Updated May 11, 2017, 4:45 p.m.)
Review request for mesos, Benjamin Bannier and Jie Yu.
Bugs: MESOS-7477
https://issues.apache.org/jira/browse/MESOS-7477
Repository: mesos
Description
-------
In the absence of ambient capabilities, capabilities in the
effective set do not survive across execve(2). This means
that tasks attempting to make use of the LinuxInfo capability
support also need to ensure that file capabilities are set on
the file that is ultimately executed. Supporting ambient
capabilities allows the effective capabilities to survive
execve(2), so it is now possible to launch a task with limited
privilege elevations.
Diffs
-----
src/linux/capabilities.hpp 5fa3799948f8ac4bcaeaa89f91d7d090e426c5a6
src/linux/capabilities.cpp 7aa8c352def644468e8c9041a2fe4319f313b09b
src/slave/containerizer/mesos/launch.cpp
2835beff9dbfa7f2a1cac306a58e2b1d66c14342
src/tests/containerizer/capabilities_tests.cpp
15a85cab87c28402eeb2bfbc751c8c77bf4c14f5
Diff: https://reviews.apache.org/r/59185/diff/1/
Testing
-------
make check (Fedora 25)
Thanks,
James Peach
